Yesterday, I attended a webinar about social media policies called "E-Privacy: Can You Legally Monitor MySpace, LinkedIn, E-mail, & Blogs?" electronic information expert, Robert D. Brownstone, Esq. who is the Law & Technology Director at Fenwick & West LLP (F&W), a Silicon-Valley-based law firm. The Webinar was mostly focused on the privacy concerns and the Human Resources side of Internet/Social Media Policies. Some of the topics addressed:
- When does an employee's personal blog become "work-related"?
- Legal implications of using technology to learn about employees and applicants
- Can an employee be fired for off-duty online behavior?
I can't share the specifics because of copyright issues, but it was informative to hear the lawyer's perspective and it has prompted some important insights for me. One of the key takeaways was:
The Three E's:
-Establish the policy: Determine the policy and what you want to accomplish
-Educate: Important to train or make employees aware of the implications
-Enforce: Less about the top down control, but the fact that you need to consistently use the policy – shouldn’t sit in a drawer
At the Packard Foundation, I've been involved in discussions about social media policy. During the Webinar, I had copies of the Foundation's Business Conduct, Confidentiality, IT Internet Usage Policy, and other related HR policies in front me. A lot of the ideas covered in the webinar are in the existing policies, although they don't define or mention "social media" specifically. Maybe all that's needed is to insert the word and definition for social media. (I'm not a lawyer, so this isn't legal advice and I'll leave that question to the legal department!)
What might be needed is a set of social media usage guidelines. These are NOT legal, but operational in terms of personal use. I did some additional research on Facebook to look at how different nonprofit people fill out their individual profiles. A very smart colleague who works at a foundation helped me understand the distinction between social media policy and usage guidelines through a discussion on his Facebook wall. Note that he was speaking as individual, not on behalf of his organization - and I haven't named either him or his organization.
Beth: Do you have a social media policy at your foundation?
Smart Colleague: Nope. .. Fact is, I am not sure that they are actually necessary, prudent, otherwise enforceable, or wise. Moreover, the foundation has its own voice and is, in fact, on twitter ;-). Oh.. we do have information and other policies that cover things like personal use of the internet, phone etiquette, crimes against humanity, copyright, bad attitude, and ugly pants.
Beth: What about social media usage guidelines?
Smart Colleague: Here's some guidelines.
A) Don't write stupid stuff you'll regret some day, 'cause someday you'll regret it.
B) Don't moon people with cameras (or at least hide your face when you do).
C) Avoid "Friending" your boss and any of his/her teenage children, nieces, or nephews.
D) Do your damnest to ignore posts by people that report to you... (especially if they're supposed to be working and all they are doing is twittering stupid irratating stuff all day long.)
E) Don't flirt too much with people other than your spouse.
Except for (E) [above], the majority of these things are not policy issues, but management issues. If you've got someone that is twittering all day long instead of working, it's not a function of social media.. it's a management issue.
I know, I'm being frivolous.
Social media is, IMHO, inherently personal -- use BY an organization is another thing entirely (and is a strategy question, not a policy question). An appropriate usage guidelines for an organization is to suggest/request that staff avoid the appearance of speaking for the organization when using social media personally. It is, in fact, what I do. My blog is my voice. In that venue, I do not speak for where I work.
My colleague's are funny, but they do a good job pointing out common sense. I think social media guidelines should not be draconian rules or controlling commandments. The guidelines should not make technology evil. Good guidelines are simple, flexible, common sense and encouraging. Furthermore, the written guidelines or product alone isn't enough - it needs to be accompanied by education where you discuss potential situations and discuss what to do. This is particularly important for "off-duty" actions that are grayer than "don't moon people with cameras."
I think the guidelines can be created or rather modified from a good models out there based on a couple of meetings where the group might look at the gray situations and discuss them.
I've been doing some research over the past few months and wrote a comprehensive post about social media policy and nonprofits that I've been updating. A terrific resource comes from Laurel Papworth, a comprehensive list of social media policies and guidelines drawn from corporate and government sources, with an Aussie slant. Also, I had lunch with Charlene Li the other day who told me she is currently researching social media policies and developing an online resource that will be really useful to those who need to development guidlines.
I like the Mayo Clinic's social media guidelines:
The key points:
- Follow all applicable policies
- Write in the first person
- Disclose your relationship
- Use personal contact information
- Be respectful
- Get your job done
In summary, your organization does need a policy around social media. You need to determine what that policy needs to include and whether existing policies can be revised to incorporate social media. You might also need some guidelines which simple usage guidelines. You need to accompany these with discussion and training.
What do you think?
Update: Mashable: When Does A Social Media Policy Go Too Far?